DevHeads.net

Postings by Neal Becker

hg + zstd packaging

Hi, I'm helping to maintain hg on Fedora.

Fedora has a policy of using system libraries where possible.

Fedora currently has libzstd (1.3.8), but does not appear to have python2-
zstd module.

I think we need to build hg to use the system libzstd, and to also package
python2-zstd seperately.

python-zstd?

mercurial 4.9 packages zstd and python wrapper.

I think we need to use system zstd. But I don't see python2-zstd.

Is anyone working on packaging python2-zstd? It would be needed to proceed
with mercurial 4.9.

fedpkg push fails

I haven't done any fedora packaging work for some time. I tried to fix
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1674789" title="https://bugzilla.redhat.com/show_bug.cgi?id=1674789">https://bugzilla.redhat.com/show_bug.cgi?id=1674789</a>
today, but I get:

fedpkg push
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 4 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 429 bytes | 429.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Denied push for ref 'refs/heads/master' for user 'nbecker'
remote: All changes have been rejected
To ssh://pkgs.fedoraproject.org/rpms/dblatex
!

F30 change: update mercurial to version 4.9

I'm proposing to update to mercurial 4.9 for F30.

The following packages are reported by dnf repoquery --whatrequires to
depend on mercurial:
git-cinnabar-0:0.5.0-1.fc29.x86_64
git-remote-hg-0:0.3-9.fc29.noarch
gitifyhg-0:0.8.4-11.fc29.noarch
golang-bin-0:1.11-1.fc29.x86_64
golang-bin-0:1.11.5-1.fc29.x86_64
gwsmhg-0:0.13.2-14.fc29.noarch
hg-git-0:0.8.11-3.fc29.noarch
hgsubversion-0:1.8.7-2.fc27.noarch
hgsvn-0:0.5.1-7.fc29.noarch
hgview-common-0:1.10.2-1.fc29.noarch
mercurial-chg-0:4.5.3-1.fc29.x86_64
mercurial-hgk-0:4.5.3-1.fc29.x86_64
python2-anyvc-0:0.3.7.1-14.fc29.noarch
python2-hgapi-0:1

Clear Linux's make-fmv-patch Eases The Creation Of GCC FMV-Enabled Code Paths

<a href="https://www.phoronix.com/scan.php?page=news_item&amp;px=GCC-Clear-make-fmv-patch" title="https://www.phoronix.com/scan.php?page=news_item&amp;px=GCC-Clear-make-fmv-patch">https://www.phoronix.com/scan.php?page=news_item&amp;px=GCC-Clear-make-fmv-p...</a>

Sounds like interesting tech.

dnf download misbehaving?

dnf download --source wireshark
[...]
No package wireshark-2.6.5-1.fc29.src available.
Exiting due to strict setting.
Error: No package wireshark-2.6.5-1.fc29.src available.

dnf: update julia would remove dnf??

sudo dnf update --enablerepo=rawhide julia

Dependencies resolved.

Problem: The operation would result in removing the following protected
packages: dnf
===================================================================================================================================================
Package Arch Version
Repository Size
===================================================================================================================================================

proposal to update mercurial to 4.5.3 for f28

Inline with this request:

<a href="https://src.fedoraproject.org/rpms/mercurial/pull-request/3" title="https://src.fedoraproject.org/rpms/mercurial/pull-request/3">https://src.fedoraproject.org/rpms/mercurial/pull-request/3</a>

I am proposing to update mercurial to 4.5.3 for f28. Any objections?

package built for rawhide, but not available?

As shown here:
<a href="https://koji.fedoraproject.org/koji/packageinfo?packageID=2518" title="https://koji.fedoraproject.org/koji/packageinfo?packageID=2518">https://koji.fedoraproject.org/koji/packageinfo?packageID=2518</a>

mercurial-4.4.2-1.fc28

is built, but
dnf --enablerepo=rawhide --show info mercurial

doesn't show it. Is there now another step needed beyond just fedpkg build?

mercurial CVEs - plan for f25 and f26 updates

Mercurial's symlink auditing was incomplete prior to 4.3, and could be
abused to write to files outside the repository.

CVE-2017-1000116:

Mercurial was not sanitizing hostnames passed to ssh, allowing shell
injection attacks by specifying a hostname starting with -oProxyCommand.

can I "watch" a project in bodhi?

If not, it would be a handy feature - to be notified of any updates. I
didn't see it looking at <a href="https://bodhi.fedoraproject.org/" title="https://bodhi.fedoraproject.org/">https://bodhi.fedoraproject.org/</a>

mercurial 4.1.3 for f26

Mercurial < 4.1.3 has a security issue, and an update is highly recommended
<a href="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2017-April/000202.html" title="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2017-April/000202.html">https://www.mercurial-scm.org/pipermail/mercurial-packaging/2017-April/0...</a>

I propose to update f26 for 4.1.3.
torgoisehg 4.1.3 is (just now) also available.

It would be advisable to backport patches to earlier versions.

kinit OK, but howto ssh?

kinit <a href="mailto: ... at FEDORAPROJECT dot ORG"> ... at FEDORAPROJECT dot ORG</a>
Password for ... at FEDORAPROJECT dot ORG:
[nbecker@nbecker2 ~]$ ssh <a href="mailto: ... at fedoraproject dot org"> ... at fedoraproject dot org</a>
Permission denied (publickey).

static linking a library

Mercurial upstream is asking about a compression library zstd.

Specifically:
<a href="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-November/000178.html" title="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-November/000178.html">https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-Novembe...</a>

I believe the proposed solution here:
<a href="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-December/000182.html" title="https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-December/000182.html">https://www.mercurial-scm.org/pipermail/mercurial-packaging/2016-Decembe...</a>

which is to statically link the library to the mercurial executable would
also raise issues?

f25 builds in copr?

It seems at this time f25 builds are not yet turned on in copr.

test dnf system-upgrade (failed?)

I tried to test upgrade f24->f25:

sudo dnf system-upgrade download --refresh --releasever=25 --allowerasing

but it wanted to downgrade a large number of packages, particularly texlive:
[hundreds of downgrades...]
texlive-zlmtt noarch
5:svn34485.1.01-17.fc25.1 fedora
35 k

Just checking that last one:
rpm -q texlive-zlmtt
texlive-zlmtt-svn34485.1.01-24.fc24.1.noarch

Yup, the f24 version seems to be newer.

I suppose this is not the correct procedure?

emacs patched for x2go on copr

Many of us have experience that emacs cannot run under x2go.
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1349412" title="https://bugzilla.redhat.com/show_bug.cgi?id=1349412">https://bugzilla.redhat.com/show_bug.cgi?id=1349412</a>

There is no actual fix, but we can't live without emacs, so I am putting up
a version on copr which has a workaround (configure options).

It is named:
e.g., emacs-filesystem-25.1-2.x2go.fc24.noarch.rpm

I think this complies with naming conventions.

update mercurial to 4.0 in rawhide

I'm planning to update mercurial to 4.0 for rawhide. Any objections?

dnf should not update debuginfo if not updating packgages

sudo dnf update
...
updates 77 k
mercurial-debuginfo x86_64 4.0-1.fc24
...
nbecker-mercurial-3 190 k
Skipping packages with broken dependencies:
mercurial x86_64 4.0-1.fc24
nbecker-mercurial-3 3.6 M
mercurial-hgk x86_64 4.0-1.fc24
nbecker-mercurial-3 55 k

Transaction Summary
=============================================================================================================
Upgrade 23 Packages
Skip 2 Pac

“Side channel” in Haswell CPUs lets researchers bypass protection known as ASLR.

<a href="http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/" title="http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-malware-attacks-more-potent/">http://arstechnica.com/security/2016/10/flaw-in-intel-chips-could-make-m...</a>

problem with gmp f24? undefined reference to symbol '__gxx_personality_v0@@CXXABI_1.3'

cc -c test_gmp.cpp
cc -o a.out test_gmp.o -lgmp -lgmpxx
/usr/bin/ld: test_gmp.o: undefined reference to symbol
'__gxx_personality_v0@@CXXABI_1.3'
/usr/lib64/libstdc++.so.6: error adding symbols: DSO missing from command
line
collect2: error: ld returned 1 exit status

Here is test_gmp.cpp:
#include <gmpxx.h>
int main() {
mpz_class a(1);
return a == 0;
};

having trouble with bodhi

[nbecker@nbecker2 Cython]$ bodhi -n -r F23 -t bugfix -b 1343331
Cython-0.23.4-3.fc23
No handlers could be found for logger "fedora.client.bodhi"
Creating a new update for Cython-0.23.4-3.fc23
Traceback (most recent call last):
File "/usr/bin/bodhi", line 537, in <module>
main()
File "/usr/bin/bodhi", line 251, in main
data = bodhi.save(**extra_args)
File "/usr/lib/python2.7/site-packages/fedora/client/bodhi.py", line 93,
in wrapper
raise BodhiClientException(problems)
fedora.client.bodhi.BodhiClientException: Required

OK, how about another test?
[nbecker@nbecker2 Cython]$

build stuck?

<a href="http://koji.fedoraproject.org/koji/taskinfo?taskID=14421664" title="http://koji.fedoraproject.org/koji/taskinfo?taskID=14421664">http://koji.fedoraproject.org/koji/taskinfo?taskID=14421664</a>

rpm: %patch needs --fuzz

In an rpm .spec I need a patch with more fuzz

%patch macro

doesn't seem to accept --fuzz=xxx

What's a good solution?

can't login to koji - ssl error

chrome is refusing to login to:

<a href="https://koji.fedoraproject.org/koji/login" title="https://koji.fedoraproject.org/koji/login">https://koji.fedoraproject.org/koji/login</a>

This site can’t provide a secure connection

koji.fedoraproject.org sent an invalid response.
Try:
Reloading the page
Learn more about this problem.
ERR_SSL_PROTOCOL_ERROR

Appears to be a deprecation in chrome 50:
<a href="https://developers.google.com/web/updates/2016/03/chrome-50-deprecations?hl=en&amp;p=ir_ssl_error&amp;hl=en&amp;rd=1#remove-insecure-tls-version-fallback" title="https://developers.google.com/web/updates/2016/03/chrome-50-deprecations?hl=en&amp;p=ir_ssl_error&amp;hl=en&amp;rd=1#remove-insecure-tls-version-fallback">https://developers.google.com/web/updates/2016/03/chrome-50-deprecations...</a>

update mercurial to 3.7.1 in rawhide and F24

I'd like to update to latest mercurial. I built 3.7.1 in rawhide, and
AFAICT there's no problem using it with tortoisehg-3.7.1-fc24.

I'd like to update mercurial in F24 - AFAIK there should not be any
compatibility issues.

Any objections?

Cython is failing to build (%check) on f24 (gcc6)

Running %check is giving a compile error. What's the easiest way to see
what the error message is?

<a href="https://kojipkgs.fedoraproject.org//work/tasks/3468/12893468/build.log" title="https://kojipkgs.fedoraproject.org//work/tasks/3468/12893468/build.log">https://kojipkgs.fedoraproject.org//work/tasks/3468/12893468/build.log</a>

Update mercurial in rawhide to 3.6.2

I'd like to update to the current mercurial version 3.6.2.

Affected packages are:

dnf repoquery --whatrequires mercurial
Last metadata expiration check performed 0:02:51 ago on Thu Dec 24 14:05:58
2015.
fusionforge-plugin-scmhg-0:6.0.2-1.fc23.noarch
git-remote-hg-0:0.2-6.fc23.noarch
gitifyhg-0:0.8.4-3.fc23.noarch
gwsmhg-0:0.13.2-4.fc23.noarch
hg-git-0:0.8.2-1.fc23.noarch
hgsubversion-0:1.8.3-1.fc23.noarch
hgsvn-0:0.2.3-4.fc23.noarch
hgsvn-0:0.3.12-1.fc23.noarch
hgview-common-0:1.8.2-3.fc23.noarch
python-anyvc-0:0.3.7.1-6.fc23.noarch
python-hgapi-0:1.7.2-2.fc23.noarch
python-hghooks-0:0.6.0-

python-cycler has broken dependencies in the rawhide tree:

python-cycler has broken dependencies in the rawhide tree:
On x86_64:
python3-cycler-0.9.0-4.fc24.noarch requires python(abi) = 0:3.4
On i386:
python3-cycler-0.9.0-4.fc24.noarch requires python(abi) = 0:3.4
On armhfp:
python3-cycler-0.9.0-4.fc24.noarch requires python(abi) = 0:3.4

I'm guessing it just needs to be rebuilt? How do I do this?

I tried:
fedpkg build
Could not execute build: Package python-cycler-0.9.0-4.fc24 has already been
built
Note: You can skip this check with --skip-nvr-check. See help for more info.

What is Source0 tag for this?

What is syntax for Source0 tag for git tag v0.9.0 tarball for this?

<a href="https://github.com/matplotlib/cycler/tree/v0.9.0" title="https://github.com/matplotlib/cycler/tree/v0.9.0">https://github.com/matplotlib/cycler/tree/v0.9.0</a>

And how can I verify it works?